Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Overview of HDI Administration application in SAP HANA Cloud Central

VolkerSaggau
Product and Topic Expert
Product and Topic Expert
‎03-12-2024 2:35 PM

The SAP HANA Deployment Infrastructure (HDI) provides a service that enables you to deploy database development artifacts to containers. This service includes a family of consistent design-time artifacts for all key SAP HANA platform database features which describe the target (run-time) state of SAP HANA database artifacts, for example: tables, views, or procedures. These artifacts are modeled at design-time, staged (uploaded) and built. Finally they're deployed into SAP HANA using HDI.

The HDI Administration application in SAP HANA Cockpit facilitates HDI administration tasks, like create / drop container groups and containers, move containers, grant / revoke privileges, etc.

To access the HDI Administration application from BTP Cockpit, go to SAP HANA Cloud Central as shown here:

VolkerSaggau_0-1709916295735.png

VolkerSaggau_1-1709916394387.png

In SAP HANA Cloud Central, select a DB instance on the instances overview page. The instance details view opens on the right-hand side of the screen:

VolkerSaggau_2-1709916472289.png

At the bottom of the "User & Authorization Management" card click on the link "HDI Administration":

VolkerSaggau_3-1709916531127.png

 

The HDI Administration application opens. The "Groups & Containers" tab provides an overview of the existing groups and the containers in each group.

VolkerSaggau_0-1710065702606.png

On the "Groups & Containers" tab - but also on other tables on the UI - there is a "Settings" button (gear wheel icon) which allows you to add further data to the tables, like here in this case the disk sizes and memory sizes of containers.

There are 4 different display areas for data:

  1. Top: Overview (also adjust the unit for memory information here, if required) 
  2. Left: Startpoint can be either
    1. "Groups & Containers" tab
    2. "Users & Roles" tab
  3. Top right:
    1. Users and roles with privileges on the group or container selected in 2 A
    2. Groups and containers on which the user or role selected in 2 B has privileges
  4. Bottom right: Admin Privileges, Schema Privileges, Schema Roles for the selected tuple user/role and group/container

You start the navigation either on the "Groups & Containers" tab or on the "Users & Roles" tab by selecting an item. At the top right, the corresponding complementary information is displayed. This means:

  • For a group or container selected on the left-hand side, all users and roles which have privileges on this group or container are displayed at the top right.
  • Vice versa, for a user or role selected on the left-hand side, all groups and containers on which the user or role has privileges, are displayed at the top right.

Navigation starting on "Groups & Containers" tab:

VolkerSaggau_0-1710253985644.png

 

Navigation starting on "Users & Roles" tab:

VolkerSaggau_1-1710236491457.png

In the top right table, select an item (which is either a user or role, or which is a group or container) to see in the bottom right table the detailed lists of privileges (Admin Privileges, Schema Privileges, Schema Roles) for this user or role on this group or container.

The user you are running this application is displayed at the top, in brackets behind the application title (here in the example DBADMIN). If this user has sufficient grant and revoke privileges, you may grant and revoke privileges for other users and roles, or for yourself (here DBADMIN). This means, you may select or deselect the privileges in the bottom right table and click the "apply" button (disk icon) to save your selection in the DB. The privileges on the selected group or container will correspondingly be granted or revoked for the selected user or role on the selected group or container.

In general the application lets you know if the user you are running the application has insufficient privileges for a particular action. For example, if you do not have the privilege to drop a container, the corresponding button is inactive.

Please keep in mind however, that changing the privileges of roles outside the role definition (e.g. an artifact file) using the HDI Administration application may create an inconsistency between the design-time definition of the role and the runtime object in the DB. This is not recommended and should only be done in an emergency. The next deployment of the same role in the DB will overwrite the privilege change made by the HDI Administration application with the privileges defined in the design-time version of the role. This can be a source of error or at least cause confusion.

Summary:

The HDI Administration application facilitates HDI administration tasks and provides detailed information about container groups, containers, users, roles and different types privileges in the HDI context. More functionality will be added to the HDI Administration application in upcoming releases.

 

 

 

Labels in this area
Popular Blog Posts